AMENDMENTS TO THE CLAIMS 

This listing of claims will replace all prior versions, and listings, of claims 
in the application: 



1 1 . (Currently amended) A method for managing a database system, 

2 wherein the database system has a plurality of administrators and security officers . 

3 comprising: 

4 receiving a command to perform an administrative function involving an 

5 object defined within the database system; 

6 determining if the object is a sensitive object that is associated with 

7 security functions in the database system, wherein the sensitive object is encrypted 

8 in the database system, wherein the sensitive object can include a sensitive row 

9 within a table in the database system, wherein the sensitive row contains sensitive 

1 0 data, and wherein other rows in the table need not contain sensitive data; 

1 1 wherein the sensitive object is an object that represents a sensitive user of 

12 the database system who is empowered to access sensitive data; 

1 3 wherein at l e a s t one of the plurality of administrators is a security officer 

14 who can perform administrative functions on sensitive objects; 

1 5 wherein an administrator in the plurality of administrators who is not a 

16 s e curity officer cannot perform administrative functions on sensitive objects; 

1 7 wherein an administrator in the pluralit}^ of administrators who is not a 

1 8 security officer cannot become a sensitive user and thereby obtain access to 

1 9 sensitive obj ects indirectly; 

20 if the object is not a sensitive object, and if the command to perform an 

21 administrative fiinction is received from an administrator who is not a securit>^ 

22 offic e r , allowing the administrative function to proceed; and 
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23 if the object is a sensitive object, and if the command is received from an 



24 



administrator who is not a security officer , disallowing the administrative 



25 function. 

1 2. (Previously presented) The method of claim 1 , further comprising: 

2 receiving a request to perform an operation on a data item in the database 

3 system; 

4 if the data item is a sensitive data item containing sensitive information 

5 and if the request is received from a sensitive user who is empowered to access 

6 sensitive data, allowing the operation to proceed if the sensitive user has access 

7 rights to the sensitive data item; and 

8 if the data item is a sensitive data item and the request is received from a 

9 user who is not a sensitive user, disallowing the operation. 

1 3. (Original) The method of claim 2, wherein if the data item is a sensitive 

2 data item, if the operation is allowed to proceed, and if the operation involves 

3 retrieval of the data item, the method further comprises decrypting the data item 

4 using an encryption key after the data item is retrieved. 

1 4. (Original) The method of claim 3, wherein the encryption key is stored 

2 along with a table containing the data item. 

1 5. (Original) The method of claim 4, wherein the encryption key is stored 

2 in encrypted form. 

1 6 (Canceled). 
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1 7. (Original) The method of claim 1, wherein if the object is not a sensitive 

2 object, and if the command to perform the administrative function is received 

3 from a security officer, the method further comprises allov^ng the security officer 

4 to perform the administrative function on the object. 

1 8. (Original) The method of claim 1 , 

2 wherein the database system includes a number of sensitive data items; 

3 and 

4 wherein only specific sensitive users are allowed to access a given 

5 sensitive data item. 
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9. (Currently amended) A computer-readable storage medium storing 
instructions that when executed by a computer cause the computer to perform a 
method for managing a database system, wherein the database system has a 
plnrn]it\^ of administrators and security officers , the method comprising: 

receiving a command to perform an administrative function involving an 
object defined within the database system; 

determining if the object is a sensitive object that is associated with 
security functions in the database system, wherein the sensitive object is encrypted 
in the database system, wherein the sensitive object can include a sensitive row 
within a table in the database system, wherein the sensitive row contains sensitive 
data, and wherein other rows in the table need not contain sensitive data; 

wherein the sensitive object is an object that represents a sensitive user of 
the database system who is empowered to access sensitive data; 

wherein at least one of the plurality of administrators i s a security officer 
wh^an perform administrative functions on sensitive objects; 
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1 6 wherein an administrator in the pluralit>^ of administrators who i s not a 

1 7 security offic e r cannot perform administrative functions on sensitive objects; 

1 8 wherein an administrator in the pluraUt} ' of administrators who is not a 

1 9 socurity officer cannot become a sensitive user and thereby obtain access to 

20 sensitive objects indirectly; 

21 if the object is not a sensitive object, and if the command is received from 

22 an administrator who is not a security offic e r , allowing the administrative function 

23 to proceed; and 

24 if the object is a sensitive object, and if the conmiand is received from an 

25 administrator system who is not a security officer , disallowing the administrative 

26 function. 

1 10. (Previously presented) The computer-readable storage medium of 

2 claim 9, wherein the method further comprises: 

3 receiving a request to perform an operation on a data item in the database 

4 system; 

5 if the data item is a sensitive data item containing sensitive information 

6 and if the request is received from a sensitive user who is empowered to access 

7 sensitive data, allowing the operation to proceed if the sensitive user has access 

8 rights to the sensitive data item; and 

9 if the data item is a sensitive data item and the request is received from a 
1 0 user system who is not a sensitive user, disallowing the operation. 

1 11. (Original) The computer-readable storage medium of claim 10, 

2 wherein if the data item is a sensitive data item, if the operation is allowed to 

3 proceed, and if the operation involves retrieval of the data item, the method 



5 
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4 further comprises decrypting the data item using an encryption key after the data 

5 item is retrieved. 

1 12. (Original) The computer-readable storage medium of claim 11, 

2 wherein the encryption key is stored along with a table containing the data item. 

1 13. (Original) The computer-readable storage medium of claim 12, 

2 wherein the encryption key is stored in encrypted form. 

1 14 (Canceled). 

1 15. (Original) The computer-readable storage medium of claim 9, wherein 

2 if the object is not a sensitive object, and if the command to perform the 

3 administrative function is received from a security officer, the method further 

4 comprises allowing the security officer to perform the administrative function. 

1 16. (Original) The computer-readable storage medium of claim 9, 

2 wherein the database system includes a number of sensitive data items; 

3 and 

4 wherein only specific sensitive users are allowed to access a given 

5 sensitive data item. 

1 17. (Currently amended) An apparatus for managing a database system, 

2 wherein the database system has a plurality of administrators and secui'itv officers , 

3 comprising: 



6 
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a command receiving mechanism that is configured to receive a command 
to perform an administrative function involving an object defined within the 
database system; 

an execution mechanism that is configured to, 

determine if the object is a sensitive object that is 
associated with security fimctions in the database system, wherein 
the sensitive object is encrypted in the database system, wherein 
the sensitive object can include a sensitive row within a table in the 
database system, wherein the sensitive row contains sensitive data, 
and wherein other rows in the table need not contain sensitive data, 
wherein the sensitive object is an object that represents a sensitive 
user of the database system who is empowered to access sensitive 
data; 

wherein at least one of the plurality of administrators is a security officer 
whe-can perform administrative fimctions on sensitive objects; 

wherein an administrator in th e plurality of administrators who io not a 
security officer carmot perform administrative fimctions on sensitive objects; 

wherein an administrator in the pkiralit}^ of administrators who is not a 
so curit)^ offic e r cannot become a sensitive user and thereby obtain access to 
sensitive objects indirectly; 

allow the administrative function to proceed, if the object is 
not a sensitive object, and if the command is received from an 
administrator who is not a s e curity offic e r , and to 

disallow the administrative fimction, if the object is the 
sensitive object, and if the command is received from an 
administrator who is not a security officer . 

7 
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1 18. (Previously presented) The apparatus of claim 17, 

2 wherein the command receiving mechanism is configured to receive a 

3 request to perform an operation on a data item in the database system; 

4 wherein the execution mechanism is configured to, 

5 allow the operation to proceed, if the data item is a 

6 sensitive data item, if the request is received from a sensitive user 

7 who is empowered to access sensitive data, and if the sensitive user 

8 has access rights to the sensitive data item, and to 

9 disallow the operation, if the data item is a sensitive data 

10 item, and if the request is received from a user who is not a 

1 1 sensitive user. 

1 19. (Original) The apparatus of claim 18, further comprising a decryption 

2 mechanism, wherein if the data item is a sensitive data item, if the operation is 

3 allowed to proceed, and if the operation involves retrieval of the data item, the 

4 decryption mechanism is configured to decrypt the data item using an encryption 

5 key after the data item is retrieved 

1 20. (Original) The apparatus of claim 19, wherein the encryption key is 

2 stored along with a table containing the data item. 

1 21. (Original) The apparatus of claim 20, wherein the encryption key is 

2 stored in encrypted form. 

1 22 (Canceled). 



8 
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1 23. (Original) The apparatus of claim 17, wherein if the object is not a 

2 sensitive object, and if the command to perform the administrative function is 

3 received from a security officer, the execution mechanism is configured to allow 

4 the security officer to perform the administrative function. 

1 24. (Original) The apparatus of claim 17, 

2 wherein the database system includes a number of sensitive data items; 

3 and 

4 wherein only specific sensitive users are allowed to access a given 

5 sensitive data item. 

1 25. (Currently amended) A method for managing a database system which 

2 has administrators and security officers, comprising: 

3 receiving a command to perform an administrative function involving an 

4 object defined within the database system; 

5 determining if the object is a sensitive object that is associated with 

6 security functions in the database system, wherein the sensitive object is an object 

7 that represents a sensitive user of the database system who is empowered to access 

8 sensitive data; 

9 wherein at least one of th e plurality of administrators is a security officer 

10 whe-can perform administrative functions on sensitive objects; 

1 1 wherein an administrator in the plurality of administrators who is not a 

12 security offic e r cannot perform administrative functions on sensitive objects; 

1 3 wherein an administrator in th e plurality of administrators who is not a 

14 security officer - cannot become a sensitive user and thereby obtain access to 

1 5 sensitive obj ects indirectly; 



9 
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16 if the object is not a sensitive object, and if the command is received from 

17 j a database administrator who is not a Gccurity officer , allowing the administrative 

1 8 function to proceed; and 

19 if the object is a sensitive object, and if the command is received from an 

20 systeffl-administrator who is not a security officer , disallowing the administrative 

21 function. 

1 26. (Previously presented) The method of claim 25, further comprising: 

2 receiving a request to perform an operation on a data item in the database 

3 system; 

4 if the data item is a sensitive data item containing sensitive information 

5 and if the request is received from a sensitive user who is empowered to access 

6 sensitive data, allowing the operation to proceed if the sensitive user has access 

7 rights to the sensitive data item; and 

8 if the data item is a sensitive data item and the request is received from a 

9 user who is not a sensitive user, disallowing the operation. 

1 27. (Previously presented) The method of claim 26, wherein if the data 

2 item is a sensitive data item, if the operation is allowed to proceed, and if the 

3 operation involves retrieval of the data item, the method further comprises 

4 decrypting the data item using an encryption key after the data item is retrieved. 

1 28. (Previously presented) The method of claim 27, wherein the encryption 

2 key is stored along with a table containing the data item. 

1 29. (Previously presented) The method of claim 28, wherein the encryption 

2 key is stored in encrypted form. 

10 
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1 30. (Previously presented) The method of claim 25, wherein the sensitive 

2 object can include one of: 

3 a sensitive table containing sensitive data in the database system; 

4 a sensitive row within a table in the database system, wherein the sensitive 

5 row contains sensitive data; and 

6 an object that represents a sensitive user of the database system who is 

7 empowered to access sensitive data. 

1 31. (Previously presented) The method of claim 25, wherein if the object is 

2 not a sensitive object, and if the command to perform the administrative function 

3 is received from a security officer, the method further comprises allowing the 

4 security officer to perform the administrative function on the object. 

1 32. (Previously presented) The method of claim 25, 

2 wherein the database system includes a number of sensitive data items; 

3 and 

4 wherein only specific sensitive users are allowed to access a given 

5 sensitive data item. 

1 33. (Currently amended) A computer-readable storage medium storing 

2 instructions that when executed by a computer cause the computer to perform a 

3 method for managing a database system which has administrators and security 

4 officers, the method comprising: 

5 receiving a command to perform an administrative function involving an 

6 object defined within the database system; 

7 determining if the object is a sensitive object that is associated with 

8 security functions in the database system, wherein the sensitive object is an object 

11 
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9 that represents a sensitive user of the database system who is empowered to access 

10 sensitive data; 

1 1 wherein at l e ast on e of the plurality of administrators is a security officer 

12 whe-can perform administrative functions on sensitive objects; 

1 3 wherein an administrator in the plurality of administrators who is not a 

14 s o curit>^ officer carmot perform administrative functions on sensitive objects; 

1 5 wherein an administrator in th e plurality of administrators who i s not a 

16 security offic e r cannot become a sensitive user and thereby obtain access to 

1 7 sensitive obj ects indirectly; 

1 8 if the object is not a sensitive object, and if the command is received from 

1 9 an databas e administrator who is not a s e curity offic e r , allowing the 

20 administrative function to proceed; and 

21 if the object is a sensitive object, and if the command is received from mi 

22 system-administrator who i s not a s ecurit}^ offic e r , disallowing the administrative 

23 function. 

1 34. (Previously presented) The computer-readable storage medium of 

2 claim 33, wherein the method further comprises: 

3 receiving a request to perform an operation on a data item in the database 

4 system; 

5 if the data item is a sensitive data item containing sensitive information 

6 and if the request is received from a sensitive user who is empowered to access 

7 sensitive data, allowing the operation to proceed if the sensitive user has access 

8 rights to the sensitive data item; and 

9 if the data item is a sensitive data item and the request is received from a 

10 user who is not a sensitive user, disallowing the operation. 



12 
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1 35. (Previously presented) The computer-readable storage medium of 

2 claim 34, wherein if the data item is a sensitive data item, if the operation is 

3 allowed to proceed, and if the operation involves retrieval of the data item, the 

4 method further comprises decrypting the data item using an encryption key after 

5 the data item is retrieved. 



1 36. (Previously presented) The computer-readable storage medium of 

2 claim 35, wherein the encryption key is stored along with a table containing the 

3 data item. 

1 37. (Previously presented) The computer-readable storage medium of 

2 claim 36, wherein the encryption key is stored in encrypted form. 

1 38. (Previously presented) The computer-readable storage medium of 

2 claim 33, wherein the sensitive object can include one of: 

3 a sensitive table containing sensitive data in the database system; 

4 a sensitive row within a table in the database system, wherein the sensitive 

5 row contains sensitive data; and 

6 an object that represents a sensitive user of the database system who is 

7 empowered to access sensitive data. 

1 39. (Previously presented) The computer-readable storage medium of 

2 claim 33, wherein if the object is not a sensitive object, and if the command to 

3 perform the administrative function is received from a security officer, the method 

4 further comprises allowing the security officer to perform the administrative 

5 function. 



13 
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40. (Previously presented) The computer-readable storage medium of 
claim 33, 

wherein the database system includes a number of sensitive data items; 

and 

wherein only specific sensitive users are allowed to access a given 
sensitive data item. 

41. (Currently amended) An apparatus for managing a database system 
which has administrators and security officers , comprising: 

a command receiving mechanism that is configured to receive a command 
to perform an administrative function involving an object defined within the 
database system; 

wherein at least one of the plurality of administrator s is a security officer 
whe-can perform administrative functions on sensitive objects; 

wherein an administrator in th e plurality of administrators who is not a 
security offic e r cannot perform administrative functions on sensitive objects; 

wherein an administrator in the pluralit>^ of administrators who is not a 
security officer cannot become a sensitive user and thereby obtain access to 
sensitive objects indirectly; 

an execution mechanism that is configured to, 

determine if the object is a sensitive object that is 
associated with security functions in the database system, wherein 
the sensitive object is an object that represents a sensitive user of 
the database system who is empowered to access sensitive data, 

allow the administrative function to proceed, if the object is 
not a sensitive object, and if the command is received from an 
administrato r who is not a s e curity offic e r , and to 

14 
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21 
22 
23 



disallow the administrative function, if the object is a 
sensitive object, and if the command is received from an 
administrator who is not a s e curit>^ officer . 



1 42. (Previously presented) The apparatus of claim 41 , 

2 wherein the command receiving mechanism is configured to receive a 

3 request to perform an operation on a data item in the database system; 

4 wherein the execution mechanism is configured to, 

5 allow the operation to proceed, if the data item is a sensitive data item, if 

6 the request is received from a sensitive user who is empowered to access sensitive 

7 data, and if the sensitive user has access rights to the sensitive data item, and to 

8 disallow the operation, if the data item is a sensitive data item, and if the 

9 request is received from a user who is not a sensitive user. 

1 43. (Previously presented) The apparatus of claim 42, further comprising a 

2 decryption mechanism, wherein if the data item is a sensitive data item, if the 

3 operation is allowed to proceed, and if the operation involves retrieval of the data 

4 item, the decryption mechanism is configured to decrypt the data item using an 

5 encryption key after the data item is retrieved 

1 44. (Previously presented) The apparatus of claim 43, wherein the 

2 encryption key is stored along with a table containing the data item. 

1 45. (Previously presented) The apparatus of claim 44, wherein the 

2 encryption key is stored in encrypted form. 
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1 46. (Previously presented) The apparatus of claim 41, wherein the 

2 sensitive object can include one of: 

3 a sensitive table containing sensitive data in the database system; 

4 a sensitive row within a table in the database system, wherein the sensitive 

5 row contains sensitive data; and 

6 an object that represents a sensitive user of the database system who is 

7 empowered to access sensitive data. 

1 47. (Previously presented) The apparatus of claim 41 , wherein if the object 

2 is not a sensitive object, and if the command to perform the administrative 

3 function is received from a security officer, the execution mechanism is 

4 configured to allow the security officer to perform the administrative function. 

1 48. (Previously presented) The apparatus of claim 41 , 

2 wherein the database system includes a number of sensitive data items; 

3 and 

4 wherein only specific sensitive users are allowed to access a given 

5 sensitive data item. 
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